|
| 1 | +/* |
| 2 | + * Copyright 2014 Red Hat, Inc. |
| 3 | + * |
| 4 | + * All rights reserved. This program and the accompanying materials |
| 5 | + * are made available under the terms of the Eclipse Public License v1.0 |
| 6 | + * and Apache License v2.0 which accompanies this distribution. |
| 7 | + * |
| 8 | + * The Eclipse Public License is available at |
| 9 | + * http://www.eclipse.org/legal/epl-v10.html |
| 10 | + * |
| 11 | + * The Apache License v2.0 is available at |
| 12 | + * http://www.opensource.org/licenses/apache2.0.php |
| 13 | + * |
| 14 | + * You may elect to redistribute this code under either of these licenses. |
| 15 | + */ |
| 16 | + |
| 17 | +package io.vertx.ext.web.handler; |
| 18 | + |
| 19 | +import io.vertx.core.http.HttpMethod; |
| 20 | +import io.vertx.ext.web.WebTestBase; |
| 21 | +import org.junit.Test; |
| 22 | + |
| 23 | +public class StaticHandlerWindowsTest extends WebTestBase { |
| 24 | + |
| 25 | + @Test |
| 26 | + public void testEscapeToClasspathFromWildcard() throws Exception { |
| 27 | + router.clear(); |
| 28 | + router.route("/*").handler(StaticHandler.create("www")); |
| 29 | + // attempt to escape to classpath, given that the handler is mounted on a wildcard, |
| 30 | + // reading the wildcard must return a sanitized path and therefore not allow to escape. |
| 31 | + testRequest(HttpMethod.GET, "/..\\.htdigest", 404, "Not Found"); |
| 32 | + } |
| 33 | + |
| 34 | + @Test |
| 35 | + public void testEscapeToClasspathFromNull() throws Exception { |
| 36 | + router.clear(); |
| 37 | + router.route().handler(StaticHandler.create("www")); |
| 38 | + // attempt to escape to classpath, given that the handler is mounted on a catch all path |
| 39 | + testRequest(HttpMethod.GET, "/..\\.htdigest", 404, "Not Found"); |
| 40 | + } |
| 41 | + |
| 42 | + @Test |
| 43 | + public void testEscapeToClasspathFromRegEx() throws Exception { |
| 44 | + router.clear(); |
| 45 | + router.routeWithRegex(".*").handler(StaticHandler.create("www")); |
| 46 | + // attempt to escape to classpath, given that the handler is mounted on a regex, |
| 47 | + testRequest(HttpMethod.GET, "/..\\.htdigest", 404, "Not Found"); |
| 48 | + } |
| 49 | + |
| 50 | + @Test |
| 51 | + public void testEscapeToClasspathFromFixedPath() throws Exception { |
| 52 | + router.clear(); |
| 53 | + router.routeWithRegex("/").handler(StaticHandler.create("www")); |
| 54 | + // attempt to escape to classpath, given that the handler is mounted on a regex, |
| 55 | + testRequest(HttpMethod.GET, "/..\\.htdigest", 404, "Not Found"); |
| 56 | + } |
| 57 | +} |
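Review bot: In `testEscapeToClasspathFromFixedPath` the handler is registered with `router.routeWithRegex("/")` and the comment still reads "mounted on a regex", so it looks like a copy of the RegEx test rather than a fixed-path mount; if a fixed path is intended, `router.route("/").handler(StaticHandler.create("www"));` with a matching comment would say so. All four tests assert only a 404 status, which is also what the router returns when no route matches the request, or when the target file simply does not exist. They can therefore pass without the handler's path sanitisation ever being exercised, presumably always on non-Windows hosts, where `\` is not a path separator. A positive control would make the assertion meaningful: confirm that the `.htdigest` fixture really sits one level above `www` on the test classpath (the fixtures are not visible in this diff), and add a request on the same route for a known file under `www` that expects 200. It would also be worth covering the percent-encoded form `%5C` of the same path, since a client may encode the backslash before it reaches the handler.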